SECURING MANAGEMENT OPERATIONS IN 
A COMMUNICATION FABRIC 


ABSTRACT 

5 A system and method for preventing imtrusted nodes from sending or receiving 
management communications. In an environment such as an InfiniBand 
communication fabric, a management packet (e.g., a packet traversing virtual lane 
15) is one of four types: 1) Request from a manager node (e.g., Subnet Manager or 
SM) to an endnode; 2) Reply from an endnode to a request from the manager; 3) 

10 Request from an endnode to the manager; and 4) Reply from the manager to the 
endnode. Switches (and other routing devices) are configured to allow untrusted 
nodes to send management packets of types 2 and 3 only, and to receive 
management packets of types 1 and 4 only. Trusted nodes (e.g., manager nodes, 
switches) can send and receive all types. Each port of a switch or routing device 

15 has an associated indicator reflecting the level of trust afforded the node or switch 
coupled to the port. 
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